Lucene search
K

5 matches found

NVD
NVD
added 2026/06/19 12:16 a.m.14 views

CVE-2026-12050

SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...

8.8CVSS0.00245EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:37 p.m.8 views

CVE-2026-12050

SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...

5.3CVSS5.4AI score0.00245EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.34 views

CVE-2026-12050 pgAdmin 4: SQL injection in named restore point endpoint

SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...

5.3CVSS0.00245EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 11:37 p.m.39 views

CVE-2026-12050

CVE-2026-12050 concerns pgAdmin 4. An authenticated user with a connected PostgreSQL session can exploit a SQL injection in the named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}) because the user-supplied value is interpolated into SQL via string formatting instead of a...

8.8CVSS5.5AI score0.00245EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.14 views

PT-2026-50816

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 1.0 through 9.15 Description An issue exists in the named restore point endpoint 'POST /browser/server/restore point/gid/sid' where the user-supplied value field is interpolated directly into the SQL string using str.format...

5.3CVSS5.9AI score0.00245EPSS
Exploits0References6
Rows per page
Query Builder